Microsoft decided to be very inconsistent in their registry entries between NT and Win2k when recording hotfixes.

When NT records a hotfix, for example Q817606, doesn't it put a 'Comments' line in HKLM\Software\Microsoft\Windows NT\CurrentVersion\Hotfix\Q817606?

And, on Windows 2000, XP and Windows 2003, doesn't it go into (both?)

key = "Software\Microsoft\Windows NT\CurrentVersion\Hotfix\Q817606";
item = "Comments";

(Note: I think that plugin smb_nt_ms03-024.nasl may incorrectly use the Description item in NT, but I don't have an NT box around to check it against.)

And, actually, in the case of Q817606, Microsoft doesn't even mention the hotfixes registry hive, in fact wanting to verify the dates on the files in the file list.
http://www.microsoft.com/technet/security/bulletin/ms03-024.asp

and in:

key = "SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q817606";
item = "Description";

and for XP (and Windows 2003 Server):

key = "SOFTWARE\Microsoft\Updates\Windows XP\SP2\Q817606";
item = "Description";

(Note: the Updates reg tree needs administrative privileges to read.)

Several plugins that I have written, worked on and reviewed in the smb_nt_msyy-nnn.nasl format attempt to read these registry keys.

I have been told that maybe for non-English language versions, Microsoft no longer populates the legacy 'hotfixes' directory.

--
Michael Scheidell

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2b30 : Sat Mar 06 2004 - 04:39:38 PST
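
The lookup order discussed in the message above, as an added Python example that is not part of the original post and is not Nessus plugin code. It tries the legacy Hotfix key and then the per-OS Updates key, and reports "unknown" instead of "missing" when the Updates tree cannot be read; the snapshot format, function names and sample values are assumptions made for the example.

```python
# Added example: key paths are from the post; snapshot format and sample values are constructed.
from enum import Enum

class Status(Enum):
    INSTALLED = "installed"
    MISSING = "missing"
    UNKNOWN = "unknown"   # a candidate key was unreadable, so absence is unproven

ACCESS_DENIED = object()  # sentinel for "scan account may not read this key"
LEGACY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\{kb}"
UPDATES = {  # per-OS Updates keys as given in the post
    "Windows 2000": r"SOFTWARE\Microsoft\Updates\Windows 2000\SP4\{kb}",
    "Windows XP": r"SOFTWARE\Microsoft\Updates\Windows XP\SP2\{kb}",
}

def candidates(os_name, kb):
    """(key, item) pairs to try for one OS: legacy key first, then Updates."""
    pairs = [(LEGACY.format(kb=kb), "Comments")]
    if os_name in UPDATES:
        pairs.append((UPDATES[os_name].format(kb=kb), "Description"))
    return pairs

def make_snapshot(values, denied=()):
    """Constructed registry stand-in; names lower-cased (registry is case-insensitive)."""
    return {
        "values": {(k.lower(), i.lower()): v for (k, i), v in values.items()},
        "denied": [p.lower() for p in denied],
    }

def read_value(snap, key, item):
    """Return the value text, None if absent, or ACCESS_DENIED."""
    k = key.lower()
    if any(k.startswith(p) for p in snap["denied"]):
        return ACCESS_DENIED
    return snap["values"].get((k, item.lower()))

def hotfix_status(snap, os_name, kb):
    denied = False
    for key, item in candidates(os_name, kb):
        value = read_value(snap, key, item)
        if value is ACCESS_DENIED:
            denied = True
        elif value:
            return Status.INSTALLED
    return Status.UNKNOWN if denied else Status.MISSING

if __name__ == "__main__":  # constructed case: Windows 2000, non-admin scan
    snap = make_snapshot({}, denied=[r"SOFTWARE\Microsoft\Updates"])
    print(hotfix_status(snap, "Windows 2000", "Q817606"))
```

A check that treats the unreadable Updates tree as an empty one would report the patch as missing on a host where the legacy key was never written.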